From 92c1c7dc36d60f81f029d8045a18eeff25aab461 Mon Sep 17 00:00:00 2001 From: tierno Date: Mon, 12 Nov 2018 15:22:37 +0100 Subject: [PATCH] Bug 559 use schema_version 1.1 and encrypt passwds Change-Id: I8f949a0e68460b5d81fc0b7392fe700494a6c4be Signed-off-by: tierno --- Dockerfile.local | 4 +-- osm_nbi/admin_topics.py | 51 +++++++++++++++++++++++++++++++------ osm_nbi/html_public/version | 4 +-- osm_nbi/nbi.cfg | 2 +- 4 files changed, 48 insertions(+), 13 deletions(-) diff --git a/Dockerfile.local b/Dockerfile.local index da13878..7096163 100644 --- a/Dockerfile.local +++ b/Dockerfile.local @@ -56,7 +56,7 @@ ENV OSMNBI_DATABASE_HOST mongo ENV OSMNBI_DATABASE_PORT 27017 # ENV OSMNBI_DATABASE_USER xxx # ENV OSMNBI_DATABASE_PASSWORD xxx -# ENV OSMNBI_DATABASE_MASTERPASSWORD xxx +# ENV OSMNBI_DATABASE_COMMONKEY xxx # web ENV OSMNBI_STATIC_DIR /app/osm_nbi/html_public # logs @@ -67,7 +67,7 @@ ENV OSMNBI_MESSAGE_DRIVER kafka ENV OSMNBI_MESSAGE_HOST kafka ENV OSMNBI_MESSAGE_PORT 9092 # logs -ENV OSMNBI_LOG_FILE /app/log/nbi.log +# ENV OSMNBI_LOG_FILE /app/log/nbi.log ENV OSMNBI_LOG_LEVEL DEBUG # authentication ENV OSMNBI_AUTHENTICATION_BACKEND internal diff --git a/osm_nbi/admin_topics.py b/osm_nbi/admin_topics.py index 3b5da53..091ac88 100644 --- a/osm_nbi/admin_topics.py +++ b/osm_nbi/admin_topics.py @@ -128,6 +128,7 @@ class VimAccountTopic(BaseTopic): topic_msg = "vim_account" schema_new = vim_account_new_schema schema_edit = vim_account_edit_schema + vim_config_encrypted = ("admin_password", "nsx_password", "vcenter_password") def __init__(self, db, fs, msg): BaseTopic.__init__(self, db, fs, msg) 
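Review bot: `vim_config_encrypted` is a fixed allow-list, so any other secret-bearing key a VIM connector accepts under `config` would still be stored in cleartext; the later hunks in this file encrypt only the names listed here plus `vim_password`. The tuple deserves a comment that says so, for example `# config keys encrypted at rest; add every new secret-bearing config key here`. Whether other such keys exist cannot be seen from this patch, so the list should be checked against the VIM config schemas. The class body continues outside the hunk.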
@@ -136,12 +137,35 @@ class VimAccountTopic(BaseTopic): self.check_unique_name(session, indata["name"], _id=None) def check_conflict_on_edit(self, session, final_content, edit_content, _id, force=False): - if edit_content.get("name"): + if not force and edit_content.get("name"): self.check_unique_name(session, edit_content["name"], _id=_id) - @staticmethod - def format_on_new(content, project_id=None, make_public=False): - BaseTopic.format_on_new(content, project_id=project_id, make_public=False) + # encrypt passwords + schema_version = final_content.get("schema_version") + if schema_version: + if edit_content.get("vim_password"): + final_content["vim_password"] = self.db.encrypt(edit_content["vim_password"], + schema_version=schema_version, salt=_id) + if edit_content.get("config"): + for p in self.vim_config_encrypted: + if edit_content["config"].get(p): + final_content["config"][p] = self.db.encrypt(edit_content["config"][p], + schema_version=schema_version, salt=_id) + + def format_on_new(self, content, project_id=None, make_public=False): + BaseTopic.format_on_new(content, project_id=project_id, make_public=make_public) + content["schema_version"] = schema_version = "1.1" + + # encrypt passwords + if content.get("vim_password"): + content["vim_password"] = self.db.encrypt(content["vim_password"], schema_version=schema_version, + salt=content["_id"]) + if content.get("config"): + for p in self.vim_config_encrypted: + if content["config"].get(p): + content["config"][p] = self.db.encrypt(content["config"][p], schema_version=schema_version, + salt=content["_id"]) + content["_admin"]["operationalState"] = "PROCESSING" def delete(self, session, _id, force=False, dry_run=False): 
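Review bot: In `check_conflict_on_edit` the `if schema_version:` guard means an account created before this change, which has no `schema_version`, keeps storing a new `vim_password` or `config` secret in cleartext when it is edited. The same guard appears in the `SdnTopic.check_conflict_on_edit` hunk further down. If that is a deliberate compatibility choice, state it in a comment such as `# legacy records (no schema_version) stay unencrypted until migrated`, and consider logging a warning on that path so operators can find and migrate those records. Separately, the value taken from `edit_content` is encrypted unconditionally, so a client that sends back a password value it previously read from the API might get it encrypted twice; that depends on what the read path returns, which is not visible here.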
@@ -176,12 +200,23 @@ class SdnTopic(BaseTopic): self.check_unique_name(session, indata["name"], _id=None) def check_conflict_on_edit(self, session, final_content, edit_content, _id, force=False): - if edit_content.get("name"): + if not force and edit_content.get("name"): self.check_unique_name(session, edit_content["name"], _id=_id) - @staticmethod - def format_on_new(content, project_id=None, make_public=False): - BaseTopic.format_on_new(content, project_id=project_id, make_public=False) + # encrypt passwords + schema_version = final_content.get("schema_version") + if schema_version and edit_content.get("password"): + final_content["password"] = self.db.encrypt(edit_content["password"], schema_version=schema_version, + salt=_id) + + def format_on_new(self, content, project_id=None, make_public=False): + BaseTopic.format_on_new(content, project_id=project_id, make_public=make_public) + content["schema_version"] = schema_version = "1.1" + # encrypt passwords + if content.get("password"): + content["password"] = self.db.encrypt(content["password"], schema_version=schema_version, + salt=content["_id"]) + content["_admin"]["operationalState"] = "PROCESSING" def delete(self, session, _id, force=False, dry_run=False): diff --git a/osm_nbi/html_public/version b/osm_nbi/html_public/version index f681730..80d6895 100644 --- a/osm_nbi/html_public/version +++ b/osm_nbi/html_public/version @@ -1,2 +1,2 @@ -0.1.25 -2018-11-08 +0.1.26 +2018-11-15 diff --git a/osm_nbi/nbi.cfg b/osm_nbi/nbi.cfg index 215211d..1dbc9ca 100644 --- a/osm_nbi/nbi.cfg +++ b/osm_nbi/nbi.cfg @@ -50,7 +50,7 @@ port: 27017 name: "osm" # user: "user" # password: "password" -# materpassword: "mpasswd" +# commonkey: "commonkey" loglevel: "DEBUG" #logfile: /var/log/osm/nbi-database.log -- 2.17.1
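Review bot: The encrypt-if-present logic is now written four times (both methods in this hunk and both in `VimAccountTopic`), which makes it easy for a later secret field to be encrypted on create but missed on edit. A small helper on `BaseTopic` would keep the rule in one place; the sketch below shows it with the two `SdnTopic` call sites, and `VimAccountTopic` could call it once for `vim_password` and once for the `config` keys. `format_on_new` also lost `@staticmethod` in this hunk, so any caller that invoked it on the class rather than on an instance needs checking; callers are not visible in this patch. `BaseTopic` itself is outside the hunk.

```python
    # in BaseTopic (outside this hunk)
    def _encrypt_fields(self, target, source, keys, schema_version, salt):
        """Store the encrypted form of each non-empty source[key] in target[key]."""
        for key in keys:
            if source.get(key):
                target[key] = self.db.encrypt(source[key], schema_version=schema_version, salt=salt)

    # SdnTopic.check_conflict_on_edit
        # … unchanged: name uniqueness check …
        schema_version = final_content.get("schema_version")
        if schema_version:
            self._encrypt_fields(final_content, edit_content, ("password",), schema_version, _id)

    # SdnTopic.format_on_new
        # … unchanged: BaseTopic.format_on_new call, schema_version = "1.1" …
        self._encrypt_fields(content, content, ("password",), schema_version, content["_id"])
        # … unchanged: operationalState assignment …
```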